Panda Software, a Spanish antivirus software company, announced last week that 5 of its customers had been attacked by a new virus (HTML/LittleDavina). Other antivirus companies were irked by the announcement because they had not previously been sent the source code of the virus through the REVS (Rapid Exchange of Virus Source) group, put together by Network Associates. Members of REVS typically share all virus source code they receive to ensure that new antivirus code is created quickly by all antivirus software companies.

Panda claimed that the person responsible for sending the virus code to REVS was out sick that day and the code was inadvertently not sent to REVS. Vincent Gullotto, director of Network Associates' antivirus emergency research team, tendered harsh criticism. Among his comments were, “If that's their excuse, then they need to figure out something else,” and, “If they are a member of REVS, then it has failed miserably. If so, I will instruct my researchers to dismantle the list.” Further, Gullotto said that 20 of his researchers would have to be out sick in order for a similar situation to occur at Network Associates.

ROB'S OPINION
First of all, I had no idea that this list existed, but it certainly seems like a good idea to get source code of new viruses to as many antivirus software vendors as quickly possible. I was a bit taken aback by Gullotto's comments. Is it really necessary to dismantle the REVS list because the source from one virus took a little while to get out to the group? Isn't the list still doing more good than harm?

The statement that 20 researchers at NAI would have to be out for this to happen certainly lets us know that NAI is serious about viruses, but then again it's a huge company. What we don't know is whether Panda has ever submitted virus code to REVS before, and if it has a history of being late. From what I read, it seems like Panda may have been sloppy, and it should just be encouraged to get its procedures straight or even warned of some consequences for next time. There wasn't much to indicate that it was actually being malicious by not releasing the code. This is one virus out of thousands, after all.

It's certainly interesting to get a little inside peek into the antivirus industry.

USER COMMENTS 16 comment(s)

Being real(3:06am EST Fri Jan 19 2001)“Further, Gullotto said that 20 of his researchers would have to be out sick in order for a similar situation to occur at Network Associates.” It's cool to see someone with an attitude and some balls and getting a little pissy. That guy is cool :)